Bypassing precinct election officials in the May 10 automated elections: open invitation to fraud

If there is still doubt whether or not the Philippines is heading towards a chaotic election, Comelec Resolution No. 8786 erases all doubt.

This resolution promulgated on March 4, 2010, is entitled “Revised General Instructions for the Board of Election Inspectors (BEI) on the Voting, Counting, and Transmission of Results in Connection With the 10 May 2010 National and Local Elections”. It amends or revises earlier Comelec Resolution No. 8739 (the original General Instructions for the BEIs) to “fine tune the process and address procedural gaps.”

This resolution directs the Board of Election Inspectors (BEI), the committee of three teachers who run the elections in every precinct, to press “No” when the automated counting machine asks them to “digitally sign the transmission files with a BEI signature key”.

Perhaps I should repeat that to make sure you, dear readers, don’t miss it: the BEIs have been instructed by the Comelec not to digitally sign the electronic ER before it is transmitted to higher level servers for canvassing and consolidation.

The provision is in Sec. 40 of the Revised GI, “Counting of ballots and transmission of results”, page 27.

Here is how Comelec spokesperson James Jimenez explained why the BEIs were instructed not to sign the electronic ERs: (Read the full story here.)

But Comelec spokesperson James Jimenez said the instructions did not mean that there would be no digital signatures in the transmission of the votes.

Jimenez said the instructions simply removed one step in the transmission process in order to minimize human intervention and further protect the results of the vote.

The digital signature of the machine is already encoded in the device, he said, and that the digital signature of the BEI is also entered into the machine before the voting.

Signature imbedded

“From the start, the digital signature is already in the machine … Since it is there, the minute the machine stops counting, it starts printing, it starts transmitting. The teacher does not need to enter the process,” Jimenez said.

“That minimizes the possibility of the results being tampered with,” he added.

Jimenez said that the digital signatures would be read by the machines receiving the voting results because they are already in the signal that was transmitted.

The Comelec is apparently still fixated at minimizing human intervention. They still don’t realize (or maybe, they perfectly do?) that it may be possible to minimize human intervention, but never to eliminate it completely. In any automation project, there are always points of human intervention — the design engineers, the programmers, the maintenance or repair technicians, the operators, and and a few others. By minimizing human intervention, they are actually minimizing the number of people that need to be in on a conspiracy, that need to be bribed, or are potential witnesses. In fact, the more people watching what is actually happening, the harder it is to cheat.

With this Comelec resolution, the BEIs have have lost control. They have been sidetracked. The whole automated election process is now completely under the control of a single foreign entity, Smartmatic, and the machines we are leasing from them. They generate the passwords and digital signatures, they encode the digital signatures within the machine (or most probably in a keychain-size device, which is read by a sensor in the counting machine), they transmit the data, and they certify the correctness of the passwords and digital signatures. In a business setting, this is equivalent to merging in a single person the functions of vendor, machine operator, accountant, cashier and auditor — an open invitation to fraud.

Most election fraud are inside jobs. The gaping security breach created by Comelec Resolution No. 8786 has made it much easier for a few insiders to manipulate the results of the May 10 elections.

Question: is this Comelec resolution the product of gross stupidity or malicious intent?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: